Lucene search
K

66 matches found

CNNVD
CNNVD
added 2025/11/05 12:0 a.m.7 views

MDaemon Mail Server 安全漏洞

MDaemon Mail Server is an e-mail server software from MDaemon Inc. in the United States. A security vulnerability exists in MDaemon Mail Server version 23.5.2, which originates from a flaw in the use of email validation SPF, DKIM, and DMARC using the pointed brackets in the From header of the SMT...

7.1CVSS6.6AI score0.00215EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/11/05 12:0 a.m.4 views

PT-2025-45159

Name of the Vulnerable Software and Affected Versions SelfBest platform version 2023.3 Description A DOM-based Cross-Site Scripting XSS issue exists in the SelfBest platform. This allows attackers to execute arbitrary JavaScript within a logged-in user's session. The attack vector involves...

6.1CVSS5.8AI score0.00208EPSS
Exploits1References3
OSV
OSV
added 2025/10/30 6:31 p.m.3 views

GHSA-F5VH-4RJ2-W8R8 Liferay Portal is vulnerable to DNS rebinding attacks

By default, Liferay Portal 7.4.0 through 7.4.3.119, and older unsupported versions, and Liferay DXP 2024.Q1.1 through 2024.Q1.5, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions is vulnerable to DNS rebinding attacks, which allow...

5.1CVSS7.1AI score0.00384EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2025/10/30 6:31 p.m.28 views

Liferay Portal is vulnerable to DNS rebinding attacks

By default, Liferay Portal 7.4.0 through 7.4.3.119, and older unsupported versions, and Liferay DXP 2024.Q1.1 through 2024.Q1.5, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions is vulnerable to DNS rebinding attacks, which allow...

6.1CVSS6.7AI score0.0021EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2025/10/30 6:15 p.m.5 views

CVE-2025-62266

By default, Liferay Portal 7.4.0 through 7.4.3.119, and older unsupported versions, and Liferay DXP 2024.Q1.1 through 2024.Q1.5, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions is vulnerable to DNS rebinding attacks, which allow...

6.1CVSS0.0021EPSS
Exploits0References1
CVE
CVE
added 2025/10/30 5:37 p.m.14 views

CVE-2025-62266

CVE-2025-62266 affects Liferay Portal versions 7.4.0–7.4.3.119 and older unsupported builds, and Liferay DXP across multiple 2023–2024 releases, with DNS rebinding allowing redirection to arbitrary external URLs. Mitigation advised: change redirect URL security from IP to domain. Connected docs c...

6.1CVSS6.7AI score0.0021EPSS
Exploits0References1Affected Software2
Vulnrichment
Vulnrichment
added 2025/10/30 5:37 p.m.3 views

CVE-2025-62266

By default, Liferay Portal 7.4.0 through 7.4.3.119, and older unsupported versions, and Liferay DXP 2024.Q1.1 through 2024.Q1.5, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions is vulnerable to DNS rebinding attacks, which allow...

5.1CVSS6.7AI score0.0021EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/07 9:1 p.m.11 views

CVE-2025-34252

...

Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-6367

Malware in sbrugna...

6.5CVSS6.5AI score0.00717EPSS
Exploits0References3
Rapid7 Blog
Rapid7 Blog
added 2025/10/02 3:22 p.m.11 views

Microsoft 365 Direct Send Abuse

The Rapid7 MDR team has observed a significant rise in the number of threat actors leveraging a lesser-known feature within Microsoft 365 called Direct Send. Rapid7 encourages organizations to immediately review their authenticated mail flow configurations, specifically related to Microsoft 365...

7.3AI score
Exploits0
Positive Technologies
Positive Technologies
added 2025/09/22 12:0 a.m.7 views

PT-2025-39053

Name of the Vulnerable Software and Affected Versions PenciDesign Penci Filter Everything affected versions not specified Description The software contains a flaw related to improper handling of user-supplied data when creating web pages, leading to a potential Cross-site Scripting XSS issue...

6.5CVSS6AI score0.00159EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/09/22 12:0 a.m.9 views

PT-2025-39054

Name of the Vulnerable Software and Affected Versions PenciDesign Penci Podcast versions through 1.6 Description A flaw exists in PenciDesign Penci Podcast that allows for DOM-Based Cross-site Scripting XSS. This issue is due to improper neutralization of input during web page generation. The...

6.5CVSS6.1AI score0.00159EPSS
Exploits0References3
OSV
OSV
added 2025/05/13 6:15 a.m.5 views

CVE-2025-22249

VMware Aria automation contains a DOM based Cross-Site Scripting XSS vulnerability. A malicious actor may exploit this issue to steal the access token of a logged in user of VMware Aria automation appliance by tricking the user into clicking a malicious crafted payload URL...

8.2CVSS5.8AI score0.00317EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2025/03/31 11:15 a.m.2 views

CVE-2025-30963

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Crocoblock JetSmartFilters jet-smart-filters allows DOM-Based XSS.This issue affects JetSmartFilters: from n/a through = 3.6.3...

6.5CVSS7.2AI score0.00194EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2024/12/20 12:0 a.m.9 views

The vulnerability of the DDNS Record component of the operating system for managing Synology Router Manager network devices allows attackers to perform domain-based attacks.

The vulnerability of the DDNS Record component of the operating system used to manage Synology Router Manager devices is related to the lack of protective measures for the website structure. Exploiting this vulnerability allows a remote attacker to perform domain-level attacks...

6.5CVSS5.5AI score0.0026EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2024/10/11 10:51 a.m.10 views

BIT-DISCOURSE-2024-45051 Bypass of email address validation via encoded email addresses in Discourse

Discourse is an open source platform for community discussion. A maliciously crafted email address could allow an attacker to bypass domain-based restrictions and gain access to private sites, categories and/or groups. This issue has been patched in the latest stable, beta and tests-passed versio...

8.2CVSS8.2AI score0.00366EPSS
Exploits0References2
NVD
NVD
added 2024/10/07 9:15 p.m.19 views

CVE-2024-45051

Discourse is an open source platform for community discussion. A maliciously crafted email address could allow an attacker to bypass domain-based restrictions and gain access to private sites, categories and/or groups. This issue has been patched in the latest stable, beta and tests-passed versio...

8.2CVSS0.00366EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/10/07 8:23 p.m.17 views

CVE-2024-45051 Bypass of email address validation via encoded email addresses in Discourse

Discourse is an open source platform for community discussion. A maliciously crafted email address could allow an attacker to bypass domain-based restrictions and gain access to private sites, categories and/or groups. This issue has been patched in the latest stable, beta and tests-passed versio...

8.2CVSS0.00366EPSS
Exploits0References1
OSV
OSV
added 2024/10/07 8:23 p.m.13 views

CVE-2024-45051 Bypass of email address validation via encoded email addresses in Discourse

Discourse is an open source platform for community discussion. A maliciously crafted email address could allow an attacker to bypass domain-based restrictions and gain access to private sites, categories and/or groups. This issue has been patched in the latest stable, beta and tests-passed versio...

8.2CVSS6.7AI score0.00366EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/10/07 8:23 p.m.22 views

CVE-2024-45051 Bypass of email address validation via encoded email addresses in Discourse

Discourse is an open source platform for community discussion. A maliciously crafted email address could allow an attacker to bypass domain-based restrictions and gain access to private sites, categories and/or groups. This issue has been patched in the latest stable, beta and tests-passed versio...

8.2CVSS7.3AI score0.00366EPSS
Exploits0References1
Rows per page
Query Builder